package com.example.qimo.conf;
import jakarta.servlet.Filter;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;


@Configuration
public class ShiroConfig {
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        Map<String, Filter> filters = new HashMap<>();
        MyAuthFilter authFilter = new MyAuthFilter();
        MyLoginFilter loginFilter = new MyLoginFilter();
        filters.put("authc", loginFilter);
        filters.put("roles",authFilter);
        factoryBean.setFilters(filters);
        //权限设置
        Map<String,String> map = new HashMap<>();
        map.put("/js/**","anon");
        map.put("/css/**","anon");
        map.put("/dologin/**","anon");
        map.put("/reg","anon");
        map.put("/**","authc");
        map.put("/index","roles[student]");
//        map.put("/lyb","perms[lyb]");
//        map.put("/xinxi","roles[teacher]");
//        //设置登录页面
        factoryBean.setLoginUrl("/login");
        //设置未授权页面
        factoryBean.setUnauthorizedUrl("/unauth");
        factoryBean.setFilterChainDefinitionMap(map);
        return factoryBean;
    }
    @Bean
    public DefaultWebSecurityManager securityManager(MyShiroRealm myShiroRealm,RememberMeManager rememberMeManager){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myShiroRealm);
        manager.setRememberMeManager(rememberMeManager);
        return manager;
    }

    @Bean
    public MyShiroRealm myShiroRealm(){
        MyShiroRealm realm = new MyShiroRealm();
        //设置加密算法
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher("md5");
        //设置加密次数
        credentialsMatcher.setHashIterations(1);
        //在身份验证过程中，用户提供的凭证（如密码）需要与存储在系统中的凭证进行匹配，以验证用户的身份。
        //凭证匹配器（CredentialsMatcher）是用来执行此匹配过程的组件
        realm.setCredentialsMatcher(credentialsMatcher); //配置身份验证的凭证匹配器
        return realm;
    }

    @Bean
    public RememberMeManager rememberMeManager(){
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        //设置cookie名称，对应login.html页面的<input type="checkbox" name="rememberMe"/>
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        //防止某些攻击，不被Javascript代码获取
        simpleCookie.setHttpOnly(true);
        //单位为秒，设置cookie过期时间
        simpleCookie.setMaxAge(7*24*60*60);
        //设置Cookie
        rememberMeManager.setCookie(simpleCookie);
        //设置"Remember Me"功能中使用的密钥的代码
        rememberMeManager.setCipherKey(Base64.decode("4AvVhmFLUs0KTA3Kprsdag=="));
        //密钥 完整步骤为：
        // 使用Base64编码字符串解码得到字节数组
        //byte[] cipherKey = Base64.decode("4AvVhmFLUs0KTA3Kprsdag==");    //实际应用中，应该生成一个随机唯一的密钥
        // 将解码后的字节数组设置为RememberMeManager的密钥
        //rememberMeManager.setCipherKey(cipherKey);

        return rememberMeManager;
    }
}
